mirror of
https://github.com/nix-community/nixos-anywhere.git
synced 2024-10-26 08:18:11 +03:00
8428ae7c52
Mirror the `-i` option from SSH, so you can run `nixos-anywhere ~/.ssh/other_key`. This commit also fixes an issue where the generated key-pair would stay around when using the SSH_PRIVATE_KEY env var.
41 lines
1.5 KiB
Nix
41 lines
1.5 KiB
Nix
(import ./lib/test-base.nix) {
|
|
name = "from-nixos-with-sudo";
|
|
nodes = {
|
|
installer = ./modules/installer.nix;
|
|
installed = {
|
|
services.openssh.enable = true;
|
|
virtualisation.memorySize = 1512;
|
|
|
|
users.users.nixos = {
|
|
isNormalUser = true;
|
|
openssh.authorizedKeys.keyFiles = [ ./modules/ssh-keys/ssh.pub ];
|
|
extraGroups = [ "wheel" ];
|
|
};
|
|
security.sudo.enable = true;
|
|
security.sudo.wheelNeedsPassword = false;
|
|
};
|
|
};
|
|
testScript = ''
|
|
start_all()
|
|
installer.succeed("echo super-secret > /tmp/disk-1.key")
|
|
output = installer.succeed("""
|
|
nixos-anywhere \
|
|
-i /root/.ssh/install_key \
|
|
--debug \
|
|
--kexec /etc/nixos-anywhere/kexec-installer \
|
|
--stop-after-disko \
|
|
--disk-encryption-keys /tmp/disk-1.key /tmp/disk-1.key \
|
|
--disk-encryption-keys /tmp/disk-2.key <(echo another-secret) \
|
|
--store-paths /etc/nixos-anywhere/disko /etc/nixos-anywhere/system-to-install \
|
|
nixos@installed >&2
|
|
echo "disk-1.key: '$(ssh -i /root/.ssh/install_key -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
|
|
root@installed cat /tmp/disk-1.key)'"
|
|
echo "disk-2.key: '$(ssh -i /root/.ssh/install_key -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
|
|
root@installed cat /tmp/disk-2.key)'"
|
|
""")
|
|
|
|
assert "disk-1.key: 'super-secret'" in output, f"output does not contain expected values: {output}"
|
|
assert "disk-2.key: 'another-secret'" in output, f"output does not contain expected values: {output}"
|
|
'';
|
|
}
|